[2613] in bugtraq
Re: Is _your_ Netscape under remote control
daemon@ATHENA.MIT.EDU (Dominique Avatravaux)
Fri May 24 19:53:41 1996
Date: Fri, 24 May 1996 20:12:09 -0600
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Dominique Avatravaux <dom@cwi.nl>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: martinh@mailhost.emap.co.uk "Is _your_ Netscape under remote
control" (May 24, 3:58pm)
Hello,
> Anyone else seen this? Netscape 1.1 and higher can be controlled
> remotely. This can be abused in many ways as Netscape can be made to open
> URL's add bookmarks, open local files and save local files without
> informing the user.
[snip]
Yep, I already attempted to exploit this bug... First this only works on
misconfigured X displays (I know it is not rare, but...), second it is somewhat
hard to make a daemon which periodically checks if there is a Netscape running
on a given machine, and third this is not discrete : unless iconized, the
Netscape window shows what it is doing. I gave up after several *weeks* of
trial (was attempting to make him a surprise)... Sincerely, there are much
easier ways to exploit misconfigured X displays, the simplest being a Trojan
horse imitating an Xdm login prompt.
> The Windows and Mac versions also have their own remote control but I'll
> leave someone else to look at them...
[snip]
>
Er, unfortunately enough they don't listen to the network in any way : only X
has this network-transparent inter-client communications feature (or W95,
perhaps ?)
--
Dominique Quatravaux
Dominique.Quatravaux@ens.fr
